package com.swh.config;

import com.swh.ShiroUserRealm.ShiroUserRealm;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.spring.LifecycleBeanPostProcessor;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.DependsOn;

import java.util.HashMap;
import java.util.Map;

/**
 * @Author: swh
 * @Description:
 * @Date: 2021/1/5 17:12
 * @Version: 1.0
 */
@Configuration
public class ShiroConfig {

    @Bean(name="credentialsMatcher")
    public HashedCredentialsMatcher credentialsMatcher() {
        //Shiro自带加密
        HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher();
        //散列算法使用md5
        hashedCredentialsMatcher.setHashAlgorithmName("md5");
        //散列次数，2表示md5加密两次
        hashedCredentialsMatcher.setHashIterations(2);
        return hashedCredentialsMatcher;
    }


    @Bean
    public ShiroUserRealm getShiroUserRealm() {
        ShiroUserRealm userRealm = new ShiroUserRealm();
        userRealm.setCredentialsMatcher(credentialsMatcher());
        return userRealm;
    }

    @Bean
    public DefaultWebSecurityManager getDefaultWebSecurityManager(ShiroUserRealm shiroUserRealm) {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(shiroUserRealm);
        return securityManager;
    }

    @Bean("shiroFilter")
    public ShiroFilterFactoryBean getShiroFilterFactoryBean(DefaultWebSecurityManager securityManager) {
        ShiroFilterFactoryBean factoryBean = new ShiroFilterFactoryBean();
        //Shiro的核心安全接口,这个属性是必须的
        factoryBean.setSecurityManager(securityManager);
        //身份认证失败，则跳转到登录页面的配置
        factoryBean.setLoginUrl("/html/notlogin.html");
        //权限认证失败，则跳转到指定页面
        factoryBean.setUnauthorizedUrl("/html/notauth.html");
        Map<String, String> map = new HashMap<>();
        map.put("/guguanjia/**", "authc");
        map.put("**/*.html", "authc");
        map.put("/index.html", "anon");
        map.put("/notlogin.html", "anon");
        map.put("/notauth.html", "anon");
        factoryBean.setFilterChainDefinitionMap(map);
        return factoryBean;
    }

    @Bean("lifecycleBeanPostProcessor")
    public LifecycleBeanPostProcessor getLifecycleBeanPostProcessor() {
        return new LifecycleBeanPostProcessor();
    }

    @Bean
    @DependsOn("lifecycleBeanPostProcessor")
    public DefaultAdvisorAutoProxyCreator getDefaultAdvisorAutoProxyCreator() {
        return new DefaultAdvisorAutoProxyCreator();
    }

    @Bean
    public AuthorizationAttributeSourceAdvisor getAuthorizationAttributeSourceAdvisor(DefaultWebSecurityManager securityManager) {
        AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor();
        advisor.setSecurityManager(securityManager);
        return advisor;
    }
}
